Labsco
GeiserX logo

atlassian-browser-mcp

β˜… 2

from GeiserX

rowser-backed MCP wrapper for mcp-atlassian with Playwright SSO auth. Enables AI tools to access Atlassian Server/Data Center instances behind corporate SSO (Okta, SAML, ADFS) where API tokens are not available.

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeQuick setup
<p align="center"> <img src="docs/images/banner.svg" alt="atlassian-browser-mcp banner" width="900"/> </p>

atlassian-browser-mcp

License: GPL-3.0 Python 3.11+ GitHub stars mcp-atlassian GeiserX/atlassian-browser-mcp MCP server

MCP server that wraps the upstream mcp-atlassian toolset with browser-cookie authentication via Playwright. Designed for Atlassian Server/Data Center instances behind corporate SSO (Okta, SAML, etc.) where API tokens are not available.

How it works

Authentication and serving are two separate processes β€” this is what keeps the MCP server from hanging:

  1. Authenticate with the CLI (foreground, where a browser can open): atlassian-cli login <jira|confluence> runs Playwright, you complete SSO/MFA once, and cookies are saved to a per-service storage-state file.
  2. The MCP server serves data only. It reads the saved cookies via a custom requests.Session subclass and never opens a browser. On a missing/expired session it fails fast with an AuthRequiredError telling you to run the CLI login β€” it does not block waiting for an interactive login.

⚠️ Earlier versions launched the login browser from inside the server. Because the server is detached and async, that blocked tool calls for minutes (often forever) and could deadlock Playwright's sync API on the event loop. The CLI/server split (allow_interactive=False on server sessions) removes that failure mode entirely.

The server monkey-patches JiraClient and ConfluenceClient constructors in mcp-atlassian to inject the browser-cookie session, giving full parity with the upstream tool surface.

Files

FilePurpose
atlassian_browser_mcp_full.pyMCP entrypoint. Patches upstream clients, registers atlassian_login tool, runs the MCP server
atlassian_browser_auth.pyShared auth core: BrowserCookieSession, interactive_login(), profile seeding, SSO detection
atlassian_cli.py + atlassian-cliCommand-line front-end over the same auth core (Jira/Confluence get/search, login). Great for scripts and agents β€” see AGENT_USAGE.md
run-atlassian-browser-mcp.shMCP launcher: creates venv, installs deps via uv, runs compatibility check, starts server
pyproject.tomlDependency pins

Reusing your real browser session (recommended)

To avoid re-entering your username/password + MFA on every login, seed the automation profile once from your real Chrome profile. The copy carries your existing SSO cookies (and saved logins / password-manager extension), so the first login is typically one-click or fully hands-free:

Copy & paste β€” that's it
ATLASSIAN_SEED_FROM_CHROME_PROFILE=Default ./atlassian-cli login jira

Chrome 136+ blocks automation from driving the live profile in place, so a one-time copy into the dedicated profile dir is the supported way to inherit the session. The profile is never auto-deleted on an auth failure, so the long-lived session persists and re-login stays instant. Jira and Confluence keep separate cookie jars but share one seeded profile.